Fancy making a move into the cybersecurity sector? Ned Baltagi, Managing Director, Middle East and Africa at SANS Institute, discusses the best ways of doing so.
The latest research from global IT security training company SANS Institute demonstrates that among 14 to 18-year-olds across seven countries in the Middle East and Europe, the choice of IT (including cybersecurity) as a career is highest in the Kingdom of Saudi Arabia (KSA) and the UAE (47% and 46% respectively).
Of those students who are interested in a career in IT, 49% were specifically interested in cybersecurity across the EMEA sample of students, with KSA and UAE leading the pack at 63% and 58% respectively.
Ned Baltagi, Managing Director in the Middle East, SANS Institute, said: “We are currently on the brink of a cybersecurity crisis. By 2020, there will be approximately 24 billion Internet-connected devices installed across the world.
“However, reports show that in the next year or two, unfilled cybersecurity job openings globally will run into several millions, meaning we are severely short of professionals to secure all those devices and systems we are putting online.
“Given the enthusiasm and aptitude of the iGeneration for digital technologies, the answer to our cyber crisis could lie in enthusing and educating younger generations about cybersecurity now, to arm our future workforce.”
Although there are a multitude of opportunities out there for people possessing the right attributes, moving into a career into the cybersecurity sector is not necessarily straightforward.
Intelligent CIO spoke to Ned Baltagi further questions to find out the best way to do this.
How can training help people start a career in cybersecurity?
Training, or continuous professional development, is critical throughout a career in cybersecurity, perhaps more so than for many other careers. The pace of technological change within the industry and the speed and agility of cybercriminals in adapting attack methods means that it is critical to remain up to date with the latest threats and techniques, whatever level you may be operating at within your organisation.
In particular, when first starting out, it is critical to get some kind of qualification or proof of aptitude and ability since so many organisations are loathe to employ unproven personnel in security roles. It can therefore be very hard to get that first break into the profession.
This is starting to change but in order to help fill the skills gap, more organisations need to look for aptitude rather than experience to bring new people into their organisation and to be willing to put them through training, much like a graduate training programme.
A SANS foundation course is ideal as it includes practical elements that allow a cybersecurity new starter to get hands-on experience of dealing with cybersecurity issues which it would otherwise be hard to get. Because most SANS courses map across to GIAC qualifications, it is also possible to take a GIAC exam after attending a course which will provide proof of both aptitude and a certain level of knowledge.
Is the cybersecurity skills shortage in the Middle East any worse than other regions?
The cybersecurity skills shortage is reaching critical levels across the globe; however, in the Middle East region the problem is being taken very seriously. Governments across the region are doing their best to create/train cybersecurity experts, upskilling existing cybersecurity staff, and finding ways to ensure that the future generation is equipped with knowledge to protect themselves and their countries from becoming more vulnerable.
And as we can see from the iGen survey results, these efforts are having an effect, with students in the region much more aware of and interested in cybersecurity as a career than in other regions. They learn about this from parents and at school but also are more willing to research it themselves, probably as a result of a higher profile in the news and other areas of public life.
What advice would you give to those aspiring to pursue a career in cybersecurity?
Firstly, don’t be put off if you don’t have an engineering or a computer science degree. So much of what makes a good cybersecurity professional is about aptitude and passion and also about having a desire to learn and get to the root of a problem.
A good cybersecurity professional is curious, has good problem-solving skills, attention to detail and a willingness to learn and keep learning. Pick an area to focus on and start to research it. Learn about different platforms and products and start to look for weaknesses in them. Keep abreast of the latest technologies, attacks and technological changes.
Seek out and take advantage of any opportunities that come your way. Find out if there are companies willing to offer the chance to learn on the job, show your passion for the area and what you’ve managed to learn by yourself.
If you’re already working in IT, explain that you have a passion for cybersecurity and look for ways to move sideways into the security team. You may have to be persistent if you don’t already have the experience. And if you can, get yourself some training and a qualification. You can hear what SANS instructors have to say on the SANS Level Up site here: https://www.sans.org/level-up/.
What pre-existing skills are required for those wishing to embark on a career in cybersecurity?
Much of the above question is also relevant here. It’s so often about aptitude rather than existing skills. If someone has the right innate abilities and qualities, you can teach them the knowledge. However, since a career in information security requires a knowledge of IT systems (hardware, software, networks and applications) it’s a good idea to start developing that knowledge. It will also help to start learning about the threats and vulnerabilities that make up a cyberattack.
How can young people in the Middle East be encouraged to pursue a career in cybersecurity?
As the iGen survey shows, it’s critical to start building awareness of cybersecurity, both as something we all need to consider to keep ourselves safe but also as a career, at a much younger age. That means teaching students about it at school then university, as well as through other public events with public participation to build general awareness among the population.
SANS is proud of its own CyberStart Program which is specifically built for school students (and is currently being delivered in the UK open to all 14 to 18-year-olds as Cyber Discovery) and Cyber Exercise for university students. These provide a comprehensive cybersecurity curriculum which uses gamified learning to attract students and to help them understand what cybersecurity is, start to learn many of the key elements needed to be a cybersecurity professional and set them on the road to a cybersecurity career.
Why are those countries with a higher awareness of cybersecurity likely to have a competitive advantage in the future?
So much of the global economy relies on digital technologies and the ability to keep our business networks and information, government systems and home networks safe from all kinds of cyberthreats. Those countries with the skilled personnel to do that will automatically set themselves ahead of the rest of the pack.
How important is the role of parents in educating children about cybersecurity?
It’s critical as so much of what children learn begins in the home. In an ideal world what children learn at home about cybersecurity would be built on and developed in school and later at university, as well as through general awareness in public life.
As the survey showed, teachers at school also play a key role in developing this knowledge. So often it is a teacher or parent who could pick up nascent skills and ability in this field and help set a student on the right path towards a career in cybersecurity.